00000003.exe

First submission 2022-08-03 14:14:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 456.0 KB (466944 bytes)
Compile time: 2021-06-17 14:47:50
MD5: a35383f9431d405cd1164a1ba5c93a2a
SHA1: dc09e242d4a334a70717421a767e2fd76e9f5dec
SHA256: 548a6de77d41a75d8463e4aa3d596caf294b6d5bfbc486dfaccd95b1819a1016
Import Hash: 409f5d6d64eccf1b9873a7c796c3f1ad
Sections 7 .text .rdata .data .tls .gfids .rsrc .reloc
Directories 5 import resource debug tls relocation
Virus Total: 51/71 VT report date: 2022-08-02 17:54:06

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://jg.studio/00000003.exe jg.studio 2022-08-03 14:14:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x511cc 332288 167dc18bcf3ffcda9e22fe5e6052b69abced4738 722381e679bb1ddb97c2d07b4958b44e
.rdata 0x53000 0x16f22 94208 f8f28e83a845c64aec58ab6dab345299f538dff8 447b6b218f686df4db2cd5ef417cddc4
.data 0x6a000 0x3d44 3584 e6275f8be29b60f37b1bf1ea9893984972a95b11 08aabee4c7c1a225b65f6841c6214873
.tls 0x6e000 0x9 512 aa0d33a0c854e073439067876e932688b65cb6a9 1f354d76203061bfdd5a53dae48d5435
.gfids 0x6f000 0x230 1024 aed548cb6e1f9d978e19cf9baafaf4430ca470b3 d5e2b33bf09b6cca8a373ecc18cc22af
.rsrc 0x70000 0x4b78 19456 0679fc215a6eec6fdf54da2653cdc14e9d26d4a9 8e8cdb523564e3542323c2e028684d34
.reloc 0x75000 0x382c 14848 2e105a8fdac2b6bca5b18f310282ecc064abf26b eaffa515443d7e9a0d23e99dbe48290d

PE Resources 3

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x72024 9640
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x745cc 1387
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x74b38 62

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 9

GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Database
\key3.db
Text
\sysinfo.txt
licence_code.txt
Library
mscoree.dll
KERNEL32.dll
SHELL32.dll
WINMM.dll
ADVAPI32.dll
WS2_32.dll
USER32.dll
SHLWAPI.dll
Powrprof.dll
PSAPI.DLL
gdiplus.dll
ntdll.dll
urlmon.dll
GDI32.dll

Import functions

Name Latest seen MD5
gggggg.exe 2022-08-03 20:11:02 f61c74deae0ce023bf2231e030edb7ab